Corporate Governance for CISOs: Asset Management

Join Keyaan Williams, Senior Executive, C|CISO Programs at EC-Council for his Corporate Governance for CISOs webinar series! The first webinar in the series will cover the topic of Asset Management from an executive perspective. This session will focus on some fundamental concerns that an organization must address to support an effective information security program. How do you identify asset owners? What are examples of effective classification strategies? What type of inventory do you maintain to manage your asset information? What relationship do asset management and change management share?

There is more to community involvement than fun runs and bake sales. Many of the conferences and organizations in the information security community are volunteer run. In our workdays, we rarely get a chance to work on overall career development and yet, we need challenges to improve our technical and nontechnical skills. Join us as we review best practices for volunteering, how to leverage these for career development and how to best engage your employers, or prospective employers.

In a recent CyberSecJobs.Com survey, only 54% of the community said that they knew how to find a job. Of those 54% the top tool for finding a job was asking friends. Finding a job is a full time job. Do you have all of the tools available to you to find your next job? Spend a few moments with Kathleen Smith a Recruiting Marketing expert and hear about the top tips you want to make sure you always have at your fingertips to find your next opportunity.

In today’s rapidly changing IT environment, organizations must be diligent about protecting themselves from evolving cyber threats. Disruptive malware can have a long and lasting effect on business operations and brand reputation. Cisco Umbrella is a cloud security platform that helps stop threats before they reach your network or endpoints. It helps you mitigate remediation costs and breach damage, reduce the time to detect and contain threats, and increase visibility into internet activity across all devices. It is the first line of defense and the simplest security product to deploy, integrating seamlessly into your existing security stack.

In this presentation, we will cover:

*The four tenets of stopping disruptive threats
*Why Cisco Umbrella should be the first stop
*How to assess your organization’s security posture

ePlus believes that making security pervasive across your entire IT landscape positions you for growth and success. By utilizing Cisco Umbrella technology, you gain the visibility you need to stop disruptive threats in their tracks.

The latest talk in managing security programs is the ability to make “shift left” in terms of implementing controls. This concept translates to being able to not apply security controls post-implementation but rather during pre-implementation phases in a System or Software Development Lifecycle. These stages (such as the Definition, Design, or even Development phase) can allow for security requirements to be conceptualized and applied before an Implementation phase. The rise of regulations and demand for more agile engineering practices is forcing CISOs and security programs to develop more sophisticated ways to adhere to security requirements from regulations, internal governance, and clients. This talk will focus on how DevSecOps efforts are changing how we govern security controls via greater automation tools that are readily available to leverage. This talk will also show how the future can support for more cost effective governance models, regardless of industry or size of IT environment.

Organisations in 2019 will be increasingly faced with a hyper-connected world where the pace and scale of change – particularly in terms of technology – will accelerate substantially. Business leaders need to develop cutting-edge ways to deal with new regulation, advanced technology and distorted information.

In this webinar, Steve Durbin, Managing Director, ISF will discuss the threats organisations will be facing in 2019 and how business leaders and their security teams can address them. The emerging cyber threats to lookout for include:

Steve Durbin is Managing Director of the Information Security Forum (ISF). His main areas of specialism include strategy, information technology, cybersecurity and the emerging security threat landscape across both the corporate and personal environments.

Organisations increasingly rely on cloud services, motivated by the benefits of scalability, accessibility, flexibility, business efficiencies and reduced IT costs. However, there are several security implications that organisations need to address, including the challenge of verifying identity and managing access to cloud services.

Cloud services bring added complexity to identity and access management, exacerbated by the distribution of data across a myriad of applications accessed by users from multiple devices and locations. Failure to adequately implement user authentication and access control in the cloud can be exploited by attackers to gain access to users’ credentials, manipulate systems and compromise data.

In this webinar, Senior Research Analyst Dr Emma Bickerstaffe and Principal Analyst Benoit Heynderickx will discuss identity management, access control and user authentication in the cloud environment, and consider how organisations can effectively tackle this security concern.

When you think of a cyber range, you probably think about a lot of hardware, a time-consuming set-up and a ton of money. Something that’s difficult to build and maintain, and not easily deployed. Learn on Demand Systems is out to change that. In this webinar, Brian Bork will take you through the ways Learn on Demand Systems empowers you to quickly build, deliver and scaling a new kind of cyber range.

With the ever-increasing frequency and sophistication of security threats to organisations, business leaders need to have a comprehensive data security strategy to protect themselves. Information security practitioners have to think and plan beyond existing protection capabilities that are aimed at preventing threats only. Today's cyber security strategies need to protect an organisations mission critical assets in a way that is:

‒ balanced, providing a mixture of informative, preventative and detective security controls that complement each other
‒ comprehensive, providing protection before, during and after threat events materialise into security incidents
‒ end-to-end, covering the complete information life cycle.

This will enable organisations to match the protection provided with the sophistication of threats to such mission critical information assets. This webinar will look at past and present models and share ideas on how organisations can ‘future proof’ their strategies to combat next generation threats.

In particular in this webinar, Nick Frost, Principal Consultant at the ISF will discuss what actions can be taken to identify your most critical information assets, and how a modern day cyber security model needs to focus on prevention and detection of a data breach, and how to respond to a breach in order to reduce damage to brand and reputation.

Although overused, Next Generation Security still means keeping up with the challenges of securing today’s networks. The fundamental rule of keeping up with those challenges is having both a vision and an architecture that provides the foundation, regardless of how the market or the threats themselves change.

This session will focus on what is needed in an evolving security architecture to provide Next Generation Security in a constantly changing environment.

During this presentation, you'll learn about deep learning, the history of artificial intelligence, the history of malware management, and the current approach to eliminating malware threats to the enterprise using AI.

IoT, IIoT, OT... It is likely that for many of us these acronyms are confusing. The fact is that traditional industrial environments, such as utilities and production, have started a digital transformation process which harness these and other technologies to become more efficient, automated and competitive.

Within this transformation from a well-defined and well-controlled industrial ecosystem to a dynamic and open one, lurks a shift in the security challenges, needs and solutions/architecture.

This session will focus on the technologies and challenges digital transformation introduces in industrial environments and how Fortinet’s Security Fabric is deployed in such an environments to provide the required security infrastructure and posture, including demonstration of some simplified use cases.

Data protection has always been important, but with the GDPR deadline looming and data sharing scandals shaking consumer confidence, securing personal data has never been more vital. The GDPR is leading businesses across the world to evaluate, and in many cases modify their data processing activities in line with upcoming law.

So what if you’ve left it too late? What are the key steps you can take to work towards GDPR compliance, even after deadline day?

Join us in this webinar with Alex Jordan, Senior Analyst at the Information Security Forum as he shares:

-The ISF’s phased approach to GDPR implementation
-Ways to determine the criticality of data and how to protect it appropriately
-The urgent actions that a business can take to get GDPR compliance started
-Common myths surrounding the GDPR, and guidance on cutting through the noise.

The United States spent around $3.5 trillion or 18% of GDP on healthcare. According to FBI, the amount of this spending lost due to fraud, waste, and abuse (FWA) ranged between $90 billion and $330 billion!

This talk will offer practical advice on how to effectively organize and join various healthcare data sources such as claim and clinical data, how to set-up the problem, and how to design an effective machine learning solution to identify FWA leads and expedite investigator review using intuitive visualization to understand the risk factors contributing to those leads.

Payment fraud prevention tools have existed since the end of the 90s and have improved continuously since. In the last 2 to 3 years we have seen a new paradigm come into the space - machine learning.

This new technology is perfectly fitted for identifying fraud and is slowly being adopted by the market. Moving forward, using tools like this will no longer be a choice but rather an obligation for merchants. An obligation, as it will be at the origin of a competitive advantage which goes way beyond fraud prevention and will bleed into business intelligence fields.

In this session, Rodrigo Camacho, CCO at Nethone will walk you through the evolution fraud prevention touching on the following key points;

How the problem is solved by a large part of the industry today
The revolution that is happening in the space today
The halo effect that this revolution is going to have on the rest of business processes

Cyber has become a strategic issue and for many companies is now a business enabler and increasingly a form of competitive advantage. However it is clear that it remains difficult for Board's to get the “right” management information to support their cyber risk discussions and decision making.

So how can Board's ensure that they are asking the right questions when it comes to an organisation’s cyber posture and how can CISOs maintain and improve the Board’s attention in this fast-moving space? This webinar will look at the challenges faced by CISOs and Board members and offer insights into how to successfully approach cyber security at Board level.

About the presenter:
Steve Durbin is Managing Director at the Information Security Forum (ISF). His main areas of specialism include strategy, information technology, cybersecurity and the emerging security threat landscape across both the corporate and personal environments.

Rob Shapland is an ethical hacker with 9 years’ experience conducting penetration tests for hundreds of organisations, from small businesses to major international organisations.
He specialises in simulating advanced cyber attacks against corporate networks, combining technical attacks with his other hobby of dressing up and tricking his way into company headquarters using social engineering techniques.
He is also a regular speaker at events and conferences around Europe, and has appeared on both BBC and ITV as a cyber security adviser. He holds qualifications from SANS, Offensive Security and CREST, and has been trained in social engineering techniques by Chris Hadnagy, one of the world's leading practitioners and researchers.

The expectation from the start of 2017 – that we hadn’t seen the back of ransomware – was justified. 2017 was plagued with global attacks such as Petya, WannaCry, Bad Rabbit and many others. Unfortunately, 2018 could be even worse.

With ransomware continuously developing new delivery techniques, organisations must learn how to prepare and protect themselves from the threat of ransomware, but how can they do this?

In this webinar, Nick Frost, Principal Consultant at the ISF, will explore the latest threats in ransomware and what organisations can do to minimise vulnerabilities to reduce risks of an attack.

About the presenter:

Nick is currently the Principal Researcher for the Information Security Forum (ISF) Ltd. He has more than 15 years’ experience designing and implementing a risk-based approach to securing information. He has developed leading solutions for evaluating risk across both internal and supplier environments.

In the age of Digital Transformation, SD-WAN is on the lips of all enterprises and service providers. While the operational and commercial benefits of SD-WAN are clear, the focus on these as THE consideration is dangerous, as along its benefits comes a greater cyber security risk.

This session will focus on Secure SD-WAN and the built-in benefits it provides, from both the operational and security points of view.

This webinar will detail how to apply AI and automation to assist security team members, from CISOs to SOC/IR operators, allowing the team to become proactive in defense and best serve the new needs of innovative companies. We will cover:

o Considerations of implementing automation without an increase in workload

o How to reduce risk by 98% with current staff and no longer "overlooking" a de-prioritized or quarantined alert

o What it takes to go from alert triage to incident response and remediation in less than 10 minutes

o How to become proactive in defense by utilizing knowledge from investigations to increase network defense

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous Certified Ethical Hacker (C|EH), Computer Hacking Forensics Investigator (C|HFI) and EC-Council Certified Security Analyst (E|CSA)/License Penetration Tester (L|PT) programs, and various others offered in over 60 countries around the globe.